漏洞描述
Checks if Remote Desktop is enabled on workstation editions where it’s not required.
remote-desktop-enabled-non-server: Remote Desktop Enabled on Non-Server OS
PoC代码[已公开]
id: remote-desktop-enabled-non-server
info:
name: Remote Desktop Enabled on Non-Server OS
author: princechaddha
severity: high
description: Checks if Remote Desktop is enabled on workstation editions where it’s not required.
impact: |
Enabling Remote Desktop on non-server OS could lead to unauthorized remote access.
remediation: |
Disable Remote Desktop on non-server editions to reduce the risk of remote attacks.
tags: windows,remote-desktop,network,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections'
matchers:
- type: word
words:
- "0"
# digest: 4a0a0047304502201d0ee23af404b6fa975496e74a984410ab981d8586a2bee9874179878c7b740a0221008d791fa3f2d885e2e961a1c709f25e9e3e4dd13a5faa44e1e9ad660b4395e5f4:922c64590222798bb761d5b6d8e72950